CVE-2025-37818
- Source
- https://cve.org/CVERecord?id=CVE-2025-37818
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37818.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37818
- Downstream
- Related
- Published
- 2025-05-08T06:26:13.322Z
- Modified
- 2026-03-11T05:39:00.405828Z
- Summary
- LoongArch: Return NULL from huge_pte_offset() for invalid PMD
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Return NULL from hugepteoffset() for invalid PMD
LoongArch's hugepteoffset() currently returns a pointer to a PMD slot even if the underlying entry points to invalidptetable (indicating no mapping). Callers like smapshugetlbrange() fetch this invalid entry value (the address of invalidptetable) via this pointer.
The generic isswappte() check then incorrectly identifies this address as a swap entry on LoongArch, because it satisfies the "!ptepresent() && !ptenone()" conditions. This misinterpretation, combined with a coincidental match by ismigrationentry() on the address bits, leads to kernel crashes in pfnswapentrytopage().
Fix this at the architecture level by modifying hugepteoffset() to check the PMD entry's content using pmdnone() before returning. If the entry is invalid (i.e., it points to invalidpte_table), return NULL instead of the pointer to the slot.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37818.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2ca9380b12711afe95b3589bd82b59623b3c96b3
- https://git.kernel.org/stable/c/34256805720993e37adf6127371a1265aea8376a
- https://git.kernel.org/stable/c/51424fd171cee6a33f01f7c66b8eb23ac42289d4
- https://git.kernel.org/stable/c/b49f085cd671addbda4802d6b9382513f7dd0f30
- https://git.kernel.org/stable/c/bd51834d1cf65a2c801295d230c220aeebf87a73
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37818.json
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-37818
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfa96b57c149061f71a70bd6582d995f6424fbbf4Fixed34256805720993e37adf6127371a1265aea8376aFixed2ca9380b12711afe95b3589bd82b59623b3c96b3Fixed51424fd171cee6a33f01f7c66b8eb23ac42289d4Fixedb49f085cd671addbda4802d6b9382513f7dd0f30Fixedbd51834d1cf65a2c801295d230c220aeebf87a73